We live in uncertain times. There is no shortage of examples of how the digital age that we live in is becoming increasingly more dangerous for both individuals and companies:                According to the Federal Trade Commission, identity theft is number one crime in America and affects almost 20 thousand new victims each day.        In 2005 alone, data belonging to more than 60 million Americans was hacked, was on lost backup tapes, or was in computers that were stolen.        Wells Fargo lost a single laptop and is said to have paid more than $10 million notifying its customers under California's SB-1386 regulation.        An auditor working for McAfee lost a CD with personal information containing 9,000 of its employees. McAfee's market valuation immediately dropped $600 million.        Outsourcing to countries like India is tempting as a way to reduce costs, but data stolen overseas is being used to blackmail U.S. companies.        Compliance costs for Sarbanes-Oxley are so high that they are measured as a percent of total revenue.        Software, music, and DVD pirating in countries like China is making a mockery of copyright laws.All of these examples have one thing in common—the need to protect data has become extremely urgent. Current technologies like encryption, SSL, and VPNs have been shown to be only partially adequate. Security experts warn that data loss and theft is “just going to continue.”        
Identity management systems, encryption, SSL, VPN's, and other security products are all part of a necessary strategy to protect sensitive data. There is still, however, a gaping hole in this strategy—how can sensitive data be protected when these tools fail? How can firms control sensitive data when a laptop is stolen? Or when data is shared with a trading partner and that trading partner's servers are compromised? Or when a trusted employee becomes a rogue employee? Or when the sensitive data is overseas at an unknown location? Or when copyright material has been cracked and copied in China. Current products have failed to protect against these problems, and the Sarbanes-Oxley Act now holds public company officers personally responsible for the consequences.
Just twenty years ago, disk storage space was so expensive that many companies saved money by not storing the “19” as a part of the year (and the resulting Y2K problem cost companies billions of dollars). Today, disk storage space costs just 300 a gigabyte and continues to fall at a rate predicted by Moore's Law. The falling cost of collecting, storing, and transmitting data is the reason why data and digital content problems are “just going to continue”, perhaps at an accelerated rate. This is compounded by the fact that the U.S. is moving from a manufacturing economy to a services economy, and more and more content is being stored in digital form. This is further complicated by an increasing dependence on portable devices and types of media that are easier to lose or have stolen. Our problems in 2006 might one day be considered to be “the good old days.”
Typically, this content is stored and retrieved by an application. Storage is typically a disk drive or semiconductor memory. The application could be a file management system such as a database working with an enterprise human resources system. The application could also be Microsoft® Excel, where the file management system and program are integrated. Other applications could be a DVD device playing a movie, an iPod playing music, a cell phone retrieving phone numbers, or an intelligent navigation system in a car. In all of these examples, the data is stored and retrieved from storage by the application.
Research by Symantec® indicates that an ordinary notebook holds content valued at $972,000 in commercially sensitive data. As devices become more and more portable, it is becoming easier for a perpetrator to steal the storage and application at the same time. Portable devices also increase risks because the application may provide direct access to sensitive data that is stored on central servers.
Current systems fail to address all of the following data security problems:                The sensitive data or digital content in storage may contain personal, corporate, or copyright content. Anyone with access to storage can make a copy of this.        If the sensitive content depends on encryption, a “brute force” attack can be used to decrypt it. In the future, quantum computing may make such attacks trivial. Encryption is also problematic because it is difficult to use in many applications. Phil Zimmerman, the creator of PGP, “only uses encryption occasionally.”        Anyone can make a copy of a paper document without leaving any trace that a copy has been made, and without the knowledge or consent of the document's owner. Any number of copies of the original or new document can be made. The same is true for data and digital content, except that it is easier to copy and transmit instantly to any place in the world.        If a person's or entity's money is stolen, it can only be spent once. If a person's or entity's personal or sensitive data is stolen, it can be used any number of times.        It is very difficult to determine if digital content has been accessed or copied.        It is very difficult to determine where a digital copy came from or where it has been sent.        It is very difficult to determine where or when digital content is being used.        It is very difficult to get additional information about what else a perpetrator has copied or is doing.        There is no way to destroy the copied digital content.        There is no way to destroy the device the digital content is stored on.        It is very difficult to collect payment of copyright content that has been copied.        There is no provision for dealing with unknown future threats.        
Accordingly there is a need for a system, method and apparatus for electronically storing data and digital content in a way that original and copies of sensitive data can be protected, monitored, controlled, paid for, or even destroyed, as determined by the content owner.